On January 20 (over 2 weeks ago), I was searching for something on GitHub and came across this repo:
It’s still there, as of this writing.
What’s it about? I’ll let their README tell it:
WHMCS v 7.4 Full – 100% Decoded (deioncubed) & Nulled and free updates!
we are happy to announce that our team has fully 100% deioncubed the WHMCS and nulled ( removed all callbacks ).
100% decoded pure PHP code The program code is full decoded from Ioncube, unprotected and you don’t need Ioncube Loader extension anymore This is not usual WHMCS “nulled” package, like everyone else is selling. Not usual just cracked license file version, all other files ioncube encoded, with all the home-calls still active and waiting for your installation to be detected an blocked! This is different unique package. You get from us what no one is able to provide – the 100% pure PHP version! So you can investigate and change the code. This fully decoded pure PHP version is also great for programmers, to get to know how the code works, and change it if needed!
100% nulled All callbacks (“home calls”) back to the original developers are removed, so your software can’t and won’t get blocked!
FULL License You get from us the license with all plugins activated and no branding is displayed!
There’s an email for a domain called decoded.whmcs-nulled.ir. The website is gone now (archive).
Does it actually work? No idea, and I really have no interest in testing it since I don’t need a nulled WHMCS. But clearly this is piracy.
And apparently it’s been out there for quite a while:
BTW, WHMCS 8.9 is in beta at the moment. 7.4 was from 2017.
Since GitHub has a “Report Repository” feature (on the right of the typical repo page), I figured I’d do the right thing. Clicking that takes you to a page where you can fill out a form.
I chose “I want to report harmful code, such as malware, phishing, or cryptocurrency abuse.” Maybe looking back I should have chosen “I want to report a copyright, trademark violation, or private information” but at the time I was thinking that perhaps this contained something that stole credentials (I didn’t read through the code line by line). Wouldn’t be the first nulled software that did something nefarious.
I said in my ticket:
This repo states that it is nulled, di-ioncubed code from WHMCS, which is proprietary software. This is obvious piracy hosted on GitHub.
I got an email reply within a minute:
Thank you for contacting GitHub Support. We wanted to let you know that we’ve received your message. We are experiencing high volumes and therefore, you may experience longer than normal wait times. In the meantime, you may find answers to commonly asked questions in our community forum or in our documentation.
Keep in mind that GitHub is owned by Microsoft which is a $2.5 trillion-dollar firm, so…let’s keep those excuses about being flooded with traffic you can’t handle in check, guys.
That was January 20.
On January 25th, I got:
Thanks for taking the time to let us know. Our team is currently investigating the account in question to determine if their content or conduct violates GitHub‘s Terms of Service.
And that was the last update.
Now it’s February 5 and the repo is still there.
How long does it take to “investigate” this? I think anyone could look at that and conclude it’s piracy within 30 seconds. It’s not as if they need to check it against some database of code or have a PHP guru go in and deeply analyze things. The title of the repo says it all!
Related Posts:
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
- Level Up Your Marketing and Social Media with These FREE Courses on Udemy! - April 26, 2024
- FLASH SALE: Cheap cPanel Shared Hosting from eWallHost for $7.97/YEAR! - April 24, 2024
- Should You Change Your Windows RDP Port?Yes. - April 23, 2024
I had a look at few php files and .. wow, how bad is WHMCS written!
Why are you trying to report a 6 year old repo for some commercial software? If WHMCS hasn’t reported it, maybe it doesn’t matter. (Apologies for my attitude, there’s just a lot of free(d) software out there, and it seems funny to me that you’ve gone out of your way to report it when you come across but one of them.)
There are no instructions anyway. People would not even be able to run it.
As an example of how lame and nonfunctional GitHub’s piracy handling is.
To run it you just need the original installation of WHMCS and then replace all of the php files with the ones in GitHub and you no longer have to pay a monthly/yearly fee to WHMCS that’s how it works
I obviously pay for WHMCS, but I’ve actually learned some things by looking at their code base. I believe WHMCS still needs to update alot of features, including the Licensing Addon. I have reported te Repo to Github before. I’m shocked it’s still up.
#Snitch
Not a snitch. It’s simple.. don’t use pirated software.
Boo hoo. It’s a good educational resource and…not very useful for much else given its age. There are less than 0 victims and you’re here crying about it. Weirdo.